AnsweredAssumed Answered

Macromedia Dreamweaver Remote User Database Access Vulnerability

Question asked by kay patel on Mar 29, 2018

All,

 

One of my VMs is coming back with following Vulnerability "Macromedia Dreamweaver Remote User Database Access Vulnerability" but this VM does not have dreamweaver installed nor it never did. how is this error coming up? Please help.

Below is what I got from Qualys but the link does not work either.

 

 

Solution : There are no vendor-supplied software solutions at this time. Check Macromedia Security Bulletin MPSB 04-05 (http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html) for updates.
 
 Workaround : Macromedia has provided the follow Workaround

 

Workaround: Macromedia has provided the following workaround for this issue. Note that this text is taken verbatim from the referenced Macromedia security advisory:

1) Use a local design-time database connection when creating and testing your dynamic web pages, as discussed in Understanding design-time and run-time connections in Dreamweaver (TechNote 16566). When you specify "Using Driver On This Machine" or "Using Local DSN" the database driver is located on the same machine as Dreamweaver, so no network communication is necessary to get to the database driver, and the MMHTTPDB scripts are not uploaded to the production server.

2) Use two servers: one for development and one for production. Use the development server for creating and testing your dynamic web pages. You can allow Dreamweaver to upload the MMHTTPDB scripts to the development server, assuming it's protected and HTTP is only accessible behind the corporate firewall. The MMTTPDB scripts should not be uploaded to the production server.

Expand Title Port/Service Operating System CVSS CVSS3 Status

 

Outcomes